[manjaro-security] [ASA-202107-12] spice: multiple issues

Jonas Witschel via arch-security arch-security at lists.archlinux.org
Fri Jul 9 16:15:36 CEST 2021


Arch Linux Security Advisory ASA-202107-12
==========================================

Severity: Critical
Date    : 2021-07-06
CVE-ID  : CVE-2020-14355 CVE-2021-20201
Package : spice
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1239

Summary
=======

The package spice before version 0.15.0-1 is vulnerable to multiple
issues including arbitrary code execution and denial of service.

Resolution
==========

Upgrade to 0.15.0-1.

# pacman -Syu "spice>=0.15.0-1"

The problems have been fixed upstream in version 0.15.0.

Workaround
==========

None.

Description
===========

- CVE-2020-14355 (arbitrary code execution)

Multiple buffer overflow vulnerabilities were found in the QUIC image
decoding process of the SPICE remote display system. More specifically,
these flaws reside in the spice-common shared code between the client
and server of SPICE. In other words, both the client (spice-gtk) and
server are affected by these flaws. A malicious client or server could
send specially crafted messages which could result in a process crash
or potential code execution scenario. The issues have been fixed in
spice (server) version 0.14.90 and spice-gtk (client) version 0.39.

- CVE-2021-20201 (denial of service)

An issue was discovered in SPICE server before version 0.15.0. There is
a vulnerability which might make it easier for remote attackers to
cause a denial of service (CPU consumption) by performing many
renegotiations within a single connection.

Impact
======

A remote attacker could execute arbitrary code on the SPICE server
using crafted messages, or cause high CPU consumption by performing
many renegotiations.

References
==========

https://bugs.archlinux.org/task/68166
https://www.openwall.com/lists/oss-security/2020/10/06/10
https://gitlab.freedesktop.org/spice/spice-common/-/commit/762e0abae36033ccde658fd52d3235887b60862d
https://gitlab.freedesktop.org/spice/spice-common/-/commit/404d74782c8b5e57d146c5bf3118bb41bf3378e4
https://gitlab.freedesktop.org/spice/spice-common/-/commit/ef1b6ff7b82e15d759e5415b8e35b92bb1a4c206
https://gitlab.freedesktop.org/spice/spice-common/-/commit/b24fe6b66b86e601c725d30f00c37e684b6395b6
https://gitlab.freedesktop.org/spice/spice/-/commit/4f71d0cdb79d2f61da49d439a5b72e3ce0070313
https://gitlab.freedesktop.org/spice/spice-gtk/-/commit/df0d3f9d95fe8235b95fa291feb746ba5e3bd6aa
https://bugzilla.redhat.com/show_bug.cgi?id=1921846
https://gitlab.freedesktop.org/spice/spice/-/issues/49
https://gitlab.freedesktop.org/spice/spice/-/merge_requests/150
https://gitlab.freedesktop.org/spice/spice/-/commit/95a0cfac8a1c8eff50f05e65df945da3bb501fc9
https://gitlab.freedesktop.org/spice/spice/-/commit/ca5bbc5692e052159bce1a75f55dc60b36078749
https://security.archlinux.org/CVE-2020-14355
https://security.archlinux.org/CVE-2021-20201
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.manjaro.org/pipermail/manjaro-security/attachments/20210709/aea93a5f/attachment.sig>


More information about the manjaro-security mailing list